Link List

Sponsored by..

Friday, 21 June 2013

LexisNexis spam FAIL

This fake LexisNexis spam is meant to have a malicious attachment, but something has gone wrong. Nonetheless, the next time the spammers try it they will probably get it right.. so beware of any emails similar to this one that have an attachment larger than a couple of hundred bytes.

You can PAY YOUR BALANCE through the PowerInvoice please print the attached invoice and mail to the address indicated on the invoice statement. If you do not have Adobe Acrobat, please find a link to a free downloadable file at the end of this e-mail.

In this case the attachment is just 8 bytes and is harmless. Next time, it probably won't be..

Of note, the only link in the email goes to [donotclick]https://server.nepplelaw.com/owa/redir.aspx?C=430ed6e3b59a4a69b2d5653797c3e3d6&URL=http%3a%2f%2fwww.adobe.com%2fproducts%2facrobat%2freadstep2.html which is the sort of thing that happens to a URL when it goes through Outlook Web Access, in this case it would be on the server server.nepplelaw.com but I have no explanation as to why it is there, however it is harmless.

On Friday, June 21, 2013, a large number of LexisNexis® customers and other organizations received fraudulent e-mails claiming to be from LexisNexis and containing what appear to be invoices. These e-mails and the invoices are not legitimate and originate from outside our systems. LexisNexis systems remain secure and unaffected. For more information on the incident go to http://www.lexisnexis.com/media/press-release.aspx?id=1371846110655006

@Richard - I think you're seeing ones with the payload intact, these ones are truncated. There's another run coming in today with a BBB theme. I'll review the post a little to make it clear that this type of spam USUALLY leads to malware..